On Sun, 10 May 2020 12:16:56 -0400 Qian Cai <c...@lca.pw> wrote:
> vfio_pci_disable() calls vfio_config_free() but forgets to call
> free_perm_bits() resulting in memory leaks,
>
> unreferenced object 0xc000000c4db2dee0 (size 16):
>   comm "qemu-kvm", pid 4305, jiffies 4295020272 (age 3463.780s)
>   hex dump (first 16 bytes):
>     00 00 ff 00 ff ff ff ff ff ff ff ff ff ff 00 00  ................
>   backtrace:
>     [<00000000a6a4552d>] alloc_perm_bits+0x58/0xe0 [vfio_pci]
>     [<00000000ac990549>] vfio_config_init+0xdf0/0x11b0 [vfio_pci]
>     init_pci_cap_msi_perm at drivers/vfio/pci/vfio_pci_config.c:1125
>     (inlined by) vfio_msi_cap_len at drivers/vfio/pci/vfio_pci_config.c:1180
>     (inlined by) vfio_cap_len at drivers/vfio/pci/vfio_pci_config.c:1241
>     (inlined by) vfio_cap_init at drivers/vfio/pci/vfio_pci_config.c:1468
>     (inlined by) vfio_config_init at drivers/vfio/pci/vfio_pci_config.c:1707
>     [<000000006db873a1>] vfio_pci_open+0x234/0x700 [vfio_pci]
>     [<00000000630e1906>] vfio_group_fops_unl_ioctl+0x8e0/0xb84 [vfio]
>     [<000000009e34c54f>] ksys_ioctl+0xd8/0x130
>     [<000000006577923d>] sys_ioctl+0x28/0x40
>     [<000000006d7b1cf2>] system_call_exception+0x114/0x1e0
>     [<0000000008ea7dd5>] system_call_common+0xf0/0x278
> unreferenced object 0xc000000c4db2e330 (size 16):
>   comm "qemu-kvm", pid 4305, jiffies 4295020272 (age 3463.780s)
>   hex dump (first 16 bytes):
>     00 ff ff 00 ff ff ff ff ff ff ff ff ff ff 00 00  ................
>   backtrace:
>     [<000000004c71914f>] alloc_perm_bits+0x44/0xe0 [vfio_pci]
>     [<00000000ac990549>] vfio_config_init+0xdf0/0x11b0 [vfio_pci]
>     [<000000006db873a1>] vfio_pci_open+0x234/0x700 [vfio_pci]
>     [<00000000630e1906>] vfio_group_fops_unl_ioctl+0x8e0/0xb84 [vfio]
>     [<000000009e34c54f>] ksys_ioctl+0xd8/0x130
>     [<000000006577923d>] sys_ioctl+0x28/0x40
>     [<000000006d7b1cf2>] system_call_exception+0x114/0x1e0
>     [<0000000008ea7dd5>] system_call_common+0xf0/0x278
>
> Fixes: 89e1f7d4c66d ("vfio: Add PCI device driver")
> Signed-off-by: Qian Cai <c...@lca.pw> > --- > drivers/vfio/pci/vfio_pci_config.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/vfio/pci/vfio_pci_config.c > b/drivers/vfio/pci/vfio_pci_config.c > index 90c0b80f8acf..f9fdc72a5f4e 100644 > --- a/drivers/vfio/pci/vfio_pci_config.c > +++ b/drivers/vfio/pci/vfio_pci_config.c > @@ -1728,6 +1728,7 @@ void vfio_config_free(struct vfio_pci_device *vdev) > vdev->vconfig = NULL; > kfree(vdev->pci_config_map); > vdev->pci_config_map = NULL; > + free_perm_bits(vdev->msi_perm); > kfree(vdev->msi_perm); > vdev->msi_perm = NULL; > }
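Review bot: the new free_perm_bits(vdev->msi_perm) call in vfio_config_free() is made unconditionally, while the kfree(vdev->msi_perm) that follows it tolerates a NULL pointer and the function resets msi_perm to NULL afterwards, so msi_perm can evidently be NULL on entry (never allocated, or already freed by an earlier call). The body of free_perm_bits() is not visible in this hunk; unless it checks its argument before touching the members it frees, this line turns a leak fix into a NULL pointer dereference on that path. Suggest guarding it, e.g. `if (vdev->msi_perm)` before `free_perm_bits(vdev->msi_perm);`, or stating in the commit message that free_perm_bits() is NULL-safe. It would also help to say in the changelog why msi_perm is the only allocation that needs this treatment, since the report shows two leaked 16-byte objects from alloc_perm_bits() and the reader has to infer that both belong to the MSI perm structure.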
Seems to be the only perm bits that were missed.

Reviewed-by: Cornelia Huck <coh...@redhat.com>